US-10642985

Method and device for vulnerability scanning

Published: May 5, 2020
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

The disclosed embodiment provides a method and device for vulnerability scanning. In the method, a reverse scanning agent module acquires a client message and either transmits the client message to a vulnerability scanner, enabling the vulnerability scanner to identify a vulnerability of the client according to the client message, or identifies the vulnerability of the client itself according to the client message and transmits the vulnerability to the vulnerability scanner. The reverse scanning agent module also receives a control instruction from the vulnerability scanner, changes its manner and/or mode of operation according to the control instruction, and updates a vulnerability rule. Because the reverse scanning agent module acquires and analyzes the client message to identify the vulnerability of the client, remote detection of server security issues is supplemented with analysis of client security issues, realizing security detection for the entire network.

Patent Claims
14 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A vulnerability scanning method, comprising: acquiring, by a reverse scanner agent installed on a server, a client message from a client; transmitting, by the reverse scanner agent, the client message to a vulnerability scanner, so that the vulnerability scanner identifies a vulnerability of the client according to the client message, or identifying, by the reverse scanner agent, a vulnerability of the client according to the client message and transmitting the vulnerability of the client to the vulnerability scanner; and receiving, by the reverse scanner agent, a control instruction from the vulnerability scanner, and changing a manner and/or a mode of operation according to the control instruction, and updating a vulnerability rule; wherein the method, further comprising: obtaining, by the reverse scanner agent or the vulnerability scanner, a vulnerability of the server; and obtaining, by the reverse scanner agent or the vulnerability scanner, network defect information according to the vulnerability of the server and the vulnerability of the client; wherein the network defect information comprises a network defect density and a network security level; and the obtaining network defect information according to the vulnerability of the server and the vulnerability of the client comprises: classifying the vulnerability of the server and the vulnerability of the client according to at least one first classification rule to obtain a network defect type set which comprises at least one type of network defect; classifying a network region, which includes the server and the client, according to at least one second classification rule to obtain a network sub-region set which comprises at least one network sub-region; obtaining the network defect density according to the network defect type set and the network sub-region set; and obtaining the network security level according to the network defect density.

2. The method according to claim 1, wherein the acquiring, by a reverse scanner agent, a client message from a client comprises: acquiring, by the reverse scanner agent, a service request message and a reply message transmitted from the client during an interaction between the client and the server; or transmitting, by the reverse scanner agent, a constructed test message to the client, and acquiring a respond message from the client in response to the constructed test message.

3. The method according to claim 2, wherein the identifying a vulnerability of the client according to the client message comprises: identifying the vulnerability of the client according to a characteristic field of the service request message, the reply message and/or the respond message; or identifying the vulnerability of the client by matching the service request message, the reply message and/or the respond message with a preset interaction message, a preset message sequence or a vulnerability characteristics rule.
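
As an added illustration of the agent described in claims 1 to 3 (example code written for this page, not code from the patent or its assignee), the following Python sketch shows a reverse scanner agent sitting on the server side: it passively acquires client request messages, identifies client vulnerabilities either from a characteristic field (a header matched against a rule) or from a preset message sequence, reports (client, rule) findings for the scanner, and applies a control instruction that switches it between passive and active mode and updates its rule set. The rule identifiers, the HTTP messages, the client addresses and product names, and the shape of the control instruction are all constructed assumptions for the example; none of them refers to a real product or vulnerability.

```python
# Added illustration of claims 1-3 (not code from the patent or its assignee):
# a reverse scanner agent on the server that acquires client messages and
# identifies client-side vulnerabilities from them.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One vulnerability rule of the two kinds named in claim 3.
    kind == "field":    regex applied to one characteristic field (a header).
    kind == "sequence": the client's last len(sequence) request lines must start
                        with the given prefixes, in order (a preset message sequence).
    """
    rule_id: str
    kind: str
    header: str = ""
    pattern: str = ""
    sequence: Tuple[str, ...] = ()


# Constructed, hypothetical rules; the client names and versions are invented.
RULES = (
    Rule("R-UA-LEGACY", "field", header="User-Agent", pattern=r"^LegacyClient/1\.[0-4]\b"),
    Rule("R-SEQ-DOWNGRADE", "sequence", sequence=("GET /login", "GET /login?auth=basic")),
)

# Constructed client messages (HTTP/1.1 request heads as seen by the server).
MSG_LEGACY_UA = "GET /index.html HTTP/1.1\r\nHost: example.test\r\nUser-Agent: LegacyClient/1.2\r\n\r\n"
MSG_LOGIN = "GET /login HTTP/1.1\r\nHost: example.test\r\nUser-Agent: ModernClient/5.0\r\n\r\n"
MSG_LOGIN_BASIC = "GET /login?auth=basic HTTP/1.1\r\nHost: example.test\r\nUser-Agent: ModernClient/5.0\r\n\r\n"


def parse_head(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split a request head into its request line and a lower-cased header map."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


class ReverseScannerAgent:
    """Server-side agent: passive capture by default, active probing on instruction."""

    def __init__(self, rules) -> None:
        self.rules: Dict[str, Rule] = {r.rule_id: r for r in rules}
        self.mode = "passive"
        self.history: Dict[str, List[str]] = {}  # per-client request lines seen so far

    def acquire(self, client: str, raw: str) -> List[Tuple[str, str]]:
        """Acquire one client message; return (client, rule_id) findings for the scanner."""
        request_line, headers = parse_head(raw)
        seen = self.history.setdefault(client, [])
        seen.append(request_line)
        findings: List[Tuple[str, str]] = []
        for rule in self.rules.values():
            if rule.kind == "field":
                value = headers.get(rule.header.lower())
                if value is not None and re.search(rule.pattern, value):
                    findings.append((client, rule.rule_id))
            elif rule.kind == "sequence":
                tail = seen[-len(rule.sequence):]
                if len(tail) == len(rule.sequence) and all(
                    line.startswith(prefix) for line, prefix in zip(tail, rule.sequence)
                ):
                    findings.append((client, rule.rule_id))
        return findings

    def probe(self, client: str) -> Optional[str]:
        """Constructed test message for the client (claim 2); None while passive.
        The message body is a placeholder of the example, not a real protocol exchange."""
        return f"PROBE {client}" if self.mode == "active" else None

    def control(self, instruction: dict) -> str:
        """Apply a scanner control instruction: change mode and/or update the rule set."""
        mode = instruction.get("mode")
        if mode is not None:
            if mode not in ("passive", "active"):
                raise ValueError(f"unknown mode {mode!r}")
            self.mode = mode
        for rule in instruction.get("add_rules", ()):
            self.rules[rule.rule_id] = rule
        for rule_id in instruction.get("remove_rules", ()):
            self.rules.pop(rule_id, None)
        return self.mode


def run_demo():
    """Passive findings, then a control instruction that goes active and retires a rule."""
    agent = ReverseScannerAgent(RULES)
    findings: List[Tuple[str, str]] = []
    findings += agent.acquire("10.0.0.5", MSG_LEGACY_UA)
    findings += agent.acquire("10.0.0.9", MSG_LOGIN)
    findings += agent.acquire("10.0.0.9", MSG_LOGIN_BASIC)
    mode = agent.control({"mode": "active", "remove_rules": ["R-UA-LEGACY"]})
    after = agent.acquire("10.0.0.7", MSG_LEGACY_UA)  # retired rule no longer fires
    return findings, mode, after, agent.probe("10.0.0.7")
```

The sequence rule only fires when the client's most recent request lines match the prefixes in order, so a client that sends the two login requests in the opposite order produces no finding; the field rule is stateless. Findings carry only the rule identifier, leaving it to the scanner to decide what the match means.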

4. The method according to claim 1, wherein the classifying the vulnerability of the server and the vulnerability of the client according to at least a first classification rule to obtain a network defect type set comprises: classifying, according to an m-th of the first classification rule, the vulnerability of the server and the vulnerability of the client into a first set $p_n^m = \{\delta_0^m, \delta_1^m, \delta_2^m, \ldots, \delta_i^m, \ldots, \delta_{n-1}^m\}$, wherein $m \geq 1$, $n \geq 1$, the first set includes $n$ types of network defects, $\delta_i^m$ represents an $(i+1)$-th type of network defect obtained by classifying the vulnerability of the server and the vulnerability of the client according to the m-th first classification rule, wherein, for $i, j \in [0, n-1]$ and $i \neq j$, $\delta_i^m, \delta_j^m \neq \emptyset$, $\delta_i^m \cap \delta_j^m = \emptyset$ and $\delta_0^m \cup \delta_1^m \cup \delta_2^m \cup \ldots \cup \delta_{n-1}^m = p_n^m$ are satisfied; and determining, in the first classification rule, a first target classification rule which classifies the vulnerability of the server and the vulnerability of the client into $N$ or less than $N$ types of network defects, and classifying the vulnerability of the server and the vulnerability of the client according to the first target classification rule in order to obtain a first set which constitutes the network defect type set $\delta_p = \bigcup_{n=1}^{N} \bigcup_{r=F(n)} \bigcup_{i=0}^{n-1} \delta_i^r$, wherein $F(n)$ is a mapping function of $n$, and represents the first target classification rule for classifying the vulnerability of the server and the vulnerability of the client into $n \leq N$ types of network defects, and $\bigcup_{r=F(n)} \bigcup_{i=0}^{n-1} \delta_i^r$ represents the set of $n \leq N$ types of network defects obtained by classifying the vulnerability of the server and the vulnerability of the client.

5. The method according to claim 1, wherein the classifying a network region including the server and the client according to at least one second classification rule in order to obtain a network sub-region set comprises: classifying, according to a t-th second classification rule in the at least one second classification rule, the network region into a second set $\rho^t = \{\rho_0^t, \rho_1^t, \rho_2^t, \ldots, \rho_s^t, \ldots, \rho_{S-1}^t\}$, wherein $t \geq 1$, $S \geq 1$, $\rho_s^t$ represents an $(s+1)$-th network sub-region obtained by classifying the network region according to the t-th second classification rule, wherein, for $i, j \in [0, S-1]$ and $i \neq j$, $\rho_i^t, \rho_j^t \neq \emptyset$, $\rho_i^t \cap \rho_j^t = \emptyset$ and $\rho_0^t \cup \rho_1^t \cup \rho_2^t \cup \ldots \cup \rho_{S-1}^t = \rho^t$ are satisfied; and classifying the network region according to $T$ of the second classification rules separately, in order to obtain a second set which constitutes a network sub-region set $\rho = \bigcup_{t=1}^{T} \bigcup_{s=0}^{G(t)} \rho_s^t$, wherein $G(t)$ represents the number of network sub-regions obtained by classifying the network region according to the t-th second classification rule.

6. The method according to claim 1, wherein the network defect density comprises a network defect density in the network sub-region and a device defect density in the network sub-region; the obtaining the network defect density according to the network defect type set and the network sub-region set comprises: obtaining the network defect density $\tau_{t,s}^{m,i} = C(Q_{\rho_s^t}(\delta_i^m))$ in the network sub-region according to a network defect type set $\delta_p = \bigcup_{n=1}^{N} \bigcup_{r=F(n)} \bigcup_{i=0}^{n-1} \delta_i^r$ and a network sub-region set $\rho = \bigcup_{t=1}^{T} \bigcup_{s=0}^{G(t)} \rho_s^t$, wherein $\delta_i^m \in \delta_p = \bigcup_{n=1}^{N} \bigcup_{r=F(n)} \bigcup_{i=0}^{n-1} \delta_i^r$, $\rho_s^t \in \rho = \bigcup_{t=1}^{T} \bigcup_{s=0}^{G(t)} \rho_s^t$, $Q_{\rho_s^t}(\delta_i^m)$ is configured for selecting $\delta_i^m$ within the scope of $\rho_s^t$, and $C(Q_{\rho_s^t}(\delta_i^m))$ is configured for calculating the number of $Q_{\rho_s^t}(\delta_i^m)$; and obtaining the device defect density $\varphi_{m,i}^{t,s} = C(Q_{\delta_i^m}(\rho_s^t))$ in the network sub-region according to a network defect type set $\delta_p = \bigcup_{n=1}^{N} \bigcup_{r=F(n)} \bigcup_{i=0}^{n-1} \delta_i^r$ and a network sub-region set $\rho = \bigcup_{t=1}^{T} \bigcup_{s=0}^{G(t)} \rho_s^t$, wherein $\delta_i^m \in \delta_p = \bigcup_{n=1}^{N} \bigcup_{r=F(n)} \bigcup_{i=0}^{n-1} \delta_i^r$, $\rho_s^t \in \rho = \bigcup_{t=1}^{T} \bigcup_{s=0}^{G(t)} \rho_s^t$, $Q_{\delta_i^m}(\rho_s^t)$ is configured for selecting $\rho_s^t$ within the scope of $\delta_i^m$, and $C(Q_{\delta_i^m}(\rho_s^t))$ is configured for calculating the number of $Q_{\delta_i^m}(\rho_s^t)$, wherein $\delta_i^m$ represents an $(i+1)$-th type of network defect obtained by classifying the vulnerability of the server and the vulnerability of the client according to an m-th first classification rule; for $i, j \in [0, n-1]$ and $i \neq j$, $\delta_i^m, \delta_j^m \neq \emptyset$, $\delta_i^m \cap \delta_j^m = \emptyset$ and $\delta_0^m \cup \delta_1^m \cup \delta_2^m \cup \ldots \cup \delta_{n-1}^m = \delta_p$ are satisfied; $\rho_s^t$ represents an $(s+1)$-th network sub-region obtained by classifying a network region according to a t-th second classification rule; for $i, j \in [0, S-1]$ and $i \neq j$, $\rho_i^t, \rho_j^t \neq \emptyset$, $\rho_i^t \cap \rho_j^t = \emptyset$ and $\rho_0^t \cup \rho_1^t \cup \rho_2^t \cup \ldots \cup \rho_{S-1}^t = \rho$ are satisfied; $F(n)$ is a mapping function of $n$, and represents a first target classification rule for classifying the vulnerability of the server and the vulnerability of the client into $n \leq N$ types of network defects; and $G(t)$ represents the number of network sub-regions obtained by classifying the network region according to a t-th second classification rule.

7. The method according to claim 6, wherein the network security level comprises a first network security level and a second network security level; and the obtaining the network security level according to the network defect density comprises: obtaining the first network security level $\gamma^{t,s} = \bigcup_{n=1}^{N} \bigcup_{m=F(n)} \bigcup_{i=0}^{n-1} \gamma_{t,s}^{m,i}$ according to the network defect density $\tau_{t,s}^{m,i} = C(Q_{\rho_s^t}(\delta_i^m))$ in the network sub-region, wherein $\gamma_{t,s}^{m,i} = Y_1(\tau_{t,s}^{m,i})$, and $Y_1$ is a monotonically decreasing function of $\tau_{t,s}^{m,i}$; and obtaining the second network security level $\gamma_{t,s} = \bigcup_{n=1}^{N} \bigcup_{m=F(n)} \bigcup_{i=0}^{n-1} \gamma_{m,i}^{t,s}$ according to the device defect density $\varphi_{m,i}^{t,s} = C(Q_{\delta_i^m}(\rho_s^t))$ in the network sub-region, wherein $\gamma_{m,i}^{t,s} = Y_2(\varphi_{m,i}^{t,s})$, and $Y_2$ is a monotonically decreasing function of $\varphi_{m,i}^{t,s}$.

8. The method according to claim 7, wherein the $\gamma_{t,s}^{m,i} = Y_1(\tau_{t,s}^{m,i})$ is $\gamma_{t,s}^{m,i} = \alpha_1 + \beta_1 / \tau_{t,s}^{m,i}$; the $\gamma_{m,i}^{t,s} = Y_2(\varphi_{m,i}^{t,s})$ is $\gamma_{m,i}^{t,s} = \alpha_2 + \beta_2 / \varphi_{m,i}^{t,s}$, wherein $\alpha_1, \beta_1, \alpha_2, \beta_2$ are constants.

9. The method according to claim 7, wherein the network defect information further comprises a network defect density distribution and a network security level distribution, the network defect density distribution comprises a distribution function of the network defect density in the network sub-region and a distribution function of the device defect density in the network sub-region, the network security level distribution comprises a distribution of the first network security level and a distribution of the second network security level, wherein the distribution function of the network defect density in the network sub-region is $\tau_t^{m,i} = \bigcup_{s=0}^{G(t)} \tau_{t,s}^{m,i}$, and the distribution function of the device defect density in the network sub-region is $\varphi_{m,i}^{t} = \bigcup_{s=0}^{G(t)} \varphi_{m,i}^{t,s}$; and the distribution of the first network security level is $\gamma^{t} = \bigcup_{s=0}^{G(t)} \bigcup_{n=1}^{N} \bigcup_{m=F(n)} \bigcup_{i=0}^{n-1} \gamma_{t,s}^{m,i}$, and the distribution of the second network security level is $\gamma_{t} = \bigcup_{s=0}^{G(t)} \bigcup_{n=1}^{N} \bigcup_{m=F(n)} \bigcup_{i=0}^{n-1} \gamma_{m,i}^{t,s}$.
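
The classification and density computation of claims 4 to 9, carried through on constructed data as an added worked example (Python written for this page, not the patent's own code). Two first classification rules stand for the index m (defect type by category and by severity) and two second classification rules for the index t (sub-region by subnet and by device role); the device inventory, the vulnerability labels and the constants alpha and beta are assumptions of the example and name no real product or CVE. The network defect density tau counts vulnerabilities of one defect type inside one sub-region; the device defect density phi is read here as the number of devices of the sub-region carrying that defect type, which is the example's interpretation of "selecting rho_s^t within the scope of delta_i^m". The claim's security level alpha + beta/tau is undefined where a cell has no defects, so that zero case is handled explicitly.

```python
# Worked example of the defect-density and security-level computation in
# claims 4-9 (added illustration, not the patent's code). Inventory, rules and
# the constants alpha/beta are constructed for the example.
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    host: str
    subnet: str  # attributes the second classification rules key on
    role: str


@dataclass(frozen=True)
class Vuln:
    host: str      # device (server or client) the vulnerability was found on
    category: str  # attributes the first classification rules key on
    severity: str


# Constructed network region: one server, three clients with findings, one clean client.
DEVICES = {d.host: d for d in (
    Device("srv-1", "10.0.1.0/24", "server"),
    Device("cli-1", "10.0.2.0/24", "workstation"),
    Device("cli-2", "10.0.2.0/24", "workstation"),
    Device("cli-3", "10.0.3.0/24", "workstation"),
    Device("cli-4", "10.0.3.0/24", "workstation"),
)}
# Constructed server and client vulnerabilities; the labels are generic, not real CVEs.
VULNS = [
    Vuln("srv-1", "outdated-tls", "high"),
    Vuln("srv-1", "weak-config", "medium"),
    Vuln("cli-1", "outdated-tls", "high"),
    Vuln("cli-1", "outdated-tls", "medium"),
    Vuln("cli-2", "outdated-tls", "high"),
    Vuln("cli-3", "weak-config", "low"),
]
# First classification rules (index m): vulnerability -> defect type delta_i^m.
DEFECT_RULES = {1: lambda v: v.category, 2: lambda v: v.severity}
# Second classification rules (index t): device -> network sub-region rho_s^t.
REGION_RULES = {1: lambda d: d.subnet, 2: lambda d: d.role}


def partition(items, rule):
    """Classes under one rule: non-empty, pairwise disjoint, union is the input (claims 4, 5)."""
    classes = defaultdict(list)
    for item in items:
        classes[rule(item)].append(item)
    return dict(classes)


def partitions(vulns, devices, defect_rules, region_rules):
    """Defect type set delta_p keyed by (m, i) and sub-region set rho keyed by (t, s)."""
    types = {m: partition(vulns, rule) for m, rule in defect_rules.items()}
    regions = {t: partition(devices.values(), rule) for t, rule in region_rules.items()}
    return types, regions


def defect_density(vulns, devices, defect_rules, region_rules):
    """tau[(t, s, m, i)] = C(Q_{rho_s^t}(delta_i^m)): vulnerabilities of type delta_i^m
    found on devices of sub-region rho_s^t. Zero cells are kept for every (s, i) pair."""
    types, regions = partitions(vulns, devices, defect_rules, region_rules)
    tau = {}
    for t, subregions in regions.items():
        for s, members in subregions.items():
            hosts = {d.host for d in members}
            for m, defect_types in types.items():
                for i, vs in defect_types.items():
                    tau[(t, s, m, i)] = sum(1 for v in vs if v.host in hosts)
    return tau


def device_density(vulns, devices, defect_rules, region_rules):
    """phi[(m, i, t, s)] = C(Q_{delta_i^m}(rho_s^t)), read as the number of devices of
    rho_s^t carrying at least one vulnerability of type delta_i^m (example's interpretation)."""
    types, regions = partitions(vulns, devices, defect_rules, region_rules)
    phi = {}
    for m, defect_types in types.items():
        for i, vs in defect_types.items():
            affected = {v.host for v in vs}
            for t, subregions in regions.items():
                for s, members in subregions.items():
                    phi[(m, i, t, s)] = sum(1 for d in members if d.host in affected)
    return phi


def security_level(density, alpha, beta):
    """gamma = alpha + beta / density (claim 8), monotonically decreasing in the density.
    The claim's formula is undefined at density 0; a defect-free cell is mapped to +inf here."""
    if density == 0:
        return math.inf
    return alpha + beta / density


def tau_distribution(tau, t, m, i):
    """tau_t^{m,i} (claim 9): the density of defect type (m, i) across the sub-regions of rule t."""
    return {s: n for (tt, s, mm, ii), n in tau.items() if (tt, mm, ii) == (t, m, i)}
```

On this data the two densities differ where one device carries several defects of the same type: subnet 10.0.2.0/24 has three outdated-tls findings (tau = 3) on two devices (phi = 2). Keeping zero cells matters for the distribution of claim 9, because a sub-region with no defects of a type should appear in it rather than be silently dropped, and it is exactly the cell where alpha + beta/tau needs the explicit rule.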

10. A non-transitory computer-readable storage medium comprising instructions stored thereon, when run on a computer device in a server, causing the computer device to: acquire a client message from a client; transmit the client message to a vulnerability scanner, so that the vulnerability scanner identifies a vulnerability of the client according to the client message, or identify a vulnerability of the client according to the client message and transmit the vulnerability of the client to the vulnerability scanner; and receive a control instruction from the vulnerability scanner, and change a manner and/or a mode of operation according to the control instruction, so as to update a vulnerability rule; wherein the instructions stored thereon, when run on the computer device, further causing the computer device to: obtain the vulnerability of the server; and obtain network defect information according to the vulnerability of the server and the vulnerability of the client; wherein the network defect information comprises a network defect density and a network security level; and the instructions stored thereon, when run on the computer device, further causing the computer device to: classify the vulnerability of the server and the vulnerability of the client according to at least one first classification rule to obtain a network defect type set which comprises at least one type of network defect; classify a network region, which includes the server and the client, according to at least one second classification rule to obtain a network sub-region set which comprises at least one network sub-region; obtain the network defect density according to the network defect type set and the network sub-region set; and obtain the network security level according to the network defect density.

11. The non-transitory computer-readable storage medium according to claim 10, wherein the instructions stored thereon, when run on the computer device, further causing the computer device to: acquire a service request message and a reply message transmitted from the client during an interaction between the client and a server; or transmit a constructed test message to the client; and acquire a respond message from the client in response to the constructed test message.

12. The non-transitory computer-readable storage medium according to claim 11, wherein the instructions stored thereon, when run on the computer device, further causing the computer device to: identify the vulnerability of the client according to the characteristic field of the service request message, the reply message and/or the respond message; or identify the vulnerability of the client by matching the service request message, the reply message and/or the respond message with a preset interaction message, a preset message sequence or a vulnerability characteristics rule.

13. A non-transitory computer-readable storage medium comprising instructions stored thereon, when run on a computer device, causing the computer device to: receive a client message from a client transmitted from a reverse scanner agent installed on a server, or configured to receive a vulnerability of the client transmitted from the reverse scanner agent; identify the vulnerability of the client according to the client message; and transmit a control instruction to the reverse scanner agent, so that the reverse scanner agent changes a manner and/or a mode of operation according to the control instruction and update a vulnerability rule; wherein the instructions stored thereon, when run on the computer device, further causing the computer device to: obtain the vulnerability of the server; and obtain network defect information according to the vulnerability of the server and the vulnerability of the client; wherein the network defect information comprises a network defect density and a network security level; and the instructions stored thereon, when run on the computer device, further causing the computer device to: classify the vulnerability of the server and the vulnerability of the client according to at least one first classification rule to obtain a network defect type set which comprises at least one type of network defect; classify a network region, which includes the server and the client, according to at least one second classification rule to obtain a network sub-region set which comprises at least one network sub-region; obtain the network defect density according to the network defect type set and the network sub-region set; and obtain the network security level according to the network defect density.

14. The non-transitory computer-readable storage medium according to claim 13, wherein the instructions stored thereon, when run on the computer device, further causing the computer device to: identify the vulnerability of the client according to the characteristic field of the service request message, the reply message and/or the respond message; or to identify the vulnerability of the client by matching the service request message, the reply message and/or the respond message with a preset interaction message, a preset message sequence or a vulnerability characteristics rule.

Patent Metadata

Filing Date

June 5, 2017

Publication Date

May 5, 2020

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Method and device for vulnerability scanning” (US-10642985). https://patentable.app/patents/US-10642985

© 2026 Patentable. All rights reserved.

Patentable is a research and drafting-assistant tool, not a law firm, and does not provide legal advice. Documents we generate are drafts for review by a licensed patent attorney.